[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-31402":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":66,"related":67,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":80,"kevs":111,"epss":112,"epss_history":115,"metrics":303,"affected":310},"CVE-2026-31402","In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64],{"_key":25},"RHSA-2026:11313",{"_key":27},"RHSA-2026:13681",{"_key":29},"RHSA-2026:13734",{"_key":31},"RHSA-2026:14301",{"_key":33},"RHSA-2026:14823",{"_key":35},"RHSA-2026:14869",{"_key":37},"RHSA-2026:14925",{"_key":39},"RHSA-2026:13664",{"_key":41},"RHSA-2026:14165",{"_key":43},"RHSA-2026:10108",{"_key":45},"RHSA-2026:13577",{"_key":47},"RHSA-2026:13578",{"_key":49},"RHSA-2026:13936",{"_key":51},"RHSA-2026:14137",{"_key":53},"DEBIAN-CVE-2026-31402",{"_key":55},"RHSA-2026:15883",{"_key":57},"UBUNTU-CVE-2026-31402",{"_key":59},"RHSA-2026:13565",{"_key":61},"RHSA-2026:13566",{"_key":63},"RHSA-2026:19568",{"_key":65},"RHSA-2026:19569",[],[],"2026-04-03T15:16:05.724Z","2026-05-11T22:08:00.380Z","Analyzed",{"cisa_kev":72,"cisa_ransomware":72,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":75,"severity_score":76,"severity_version":77,"severity_source":78,"severity_vector":79,"severity_status":70},false,"low",0.00146,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[81,87,91,95,99,103,107],{"url":82,"sources":83,"tags":85},"https://git.kernel.org/stable/c/c9452c0797c95cf2378170df96cf4f4b3bca7eff",[78,84],"nvd",[86],"Patch",{"url":88,"sources":89,"tags":90},"https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965",[78,84],[86],{"url":92,"sources":93,"tags":94},"https://git.kernel.org/stable/c/dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0",[78,84],[86],{"url":96,"sources":97,"tags":98},"https://git.kernel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388",[78,84],[86],{"url":100,"sources":101,"tags":102},"https://git.kernel.org/stable/c/ae8498337dfdfda71bdd0b807c9a23a126011d76",[78,84],[86],{"url":104,"sources":105,"tags":106},"https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2",[78,84],[86],{"url":108,"sources":109,"tags":110},"https://git.kernel.org/stable/c/f9fcb4441f6c02bb20c2eb340101e27dfe23607c",[78,84],[86],[],{"date":113,"score":74,"percentile":114},"2026-06-04",0.34702,[116,120,123,126,129,132,136,138,141,144,147,150,153,156,159,162,165,168,171,174,177,180,183,186,189,193,196,199,202,205,208,211,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,259,262,266,269,272,275,278,281,284,287,290,293,296,299,302],{"date":117,"score":118,"percentile":119},"2026-04-04",0.00036,0.10803,{"date":121,"score":118,"percentile":122},"2026-04-05",0.10791,{"date":124,"score":118,"percentile":125},"2026-04-06",0.10648,{"date":127,"score":118,"percentile":128},"2026-04-07",0.10653,{"date":130,"score":118,"percentile":131},"2026-04-08",0.10729,{"date":133,"score":134,"percentile":135},"2026-04-09",0.00048,0.14802,{"date":137,"score":134,"percentile":135},"2026-04-10",{"date":139,"score":134,"percentile":140},"2026-04-11",0.1476,{"date":142,"score":134,"percentile":143},"2026-04-12",0.14722,{"date":145,"score":134,"percentile":146},"2026-04-13",0.14668,{"date":148,"score":134,"percentile":149},"2026-04-14",0.14544,{"date":151,"score":134,"percentile":152},"2026-04-15",0.14571,{"date":154,"score":134,"percentile":155},"2026-04-16",0.14562,{"date":157,"score":134,"percentile":158},"2026-04-17",0.14566,{"date":160,"score":134,"percentile":161},"2026-04-18",0.14567,{"date":163,"score":134,"percentile":164},"2026-04-19",0.14518,{"date":166,"score":134,"percentile":167},"2026-04-20",0.14499,{"date":169,"score":134,"percentile":170},"2026-04-21",0.14631,{"date":172,"score":134,"percentile":173},"2026-04-22",0.14689,{"date":175,"score":134,"percentile":176},"2026-04-23",0.14697,{"date":178,"score":134,"percentile":179},"2026-04-24",0.14664,{"date":181,"score":134,"percentile":182},"2026-04-25",0.1468,{"date":184,"score":134,"percentile":185},"2026-04-26",0.14662,{"date":187,"score":134,"percentile":188},"2026-04-27",0.14644,{"date":190,"score":191,"percentile":192},"2026-04-28",0.00118,0.30323,{"date":194,"score":191,"percentile":195},"2026-04-29",0.30318,{"date":197,"score":191,"percentile":198},"2026-04-30",0.30293,{"date":200,"score":191,"percentile":201},"2026-05-01",0.30292,{"date":203,"score":191,"percentile":204},"2026-05-02",0.30329,{"date":206,"score":191,"percentile":207},"2026-05-03",0.30274,{"date":209,"score":191,"percentile":210},"2026-05-04",0.30209,{"date":212,"score":213,"percentile":214},"2026-05-05",0.00171,0.37911,{"date":216,"score":213,"percentile":217},"2026-05-06",0.37922,{"date":219,"score":213,"percentile":220},"2026-05-07",0.37981,{"date":222,"score":213,"percentile":223},"2026-05-08",0.37968,{"date":225,"score":213,"percentile":226},"2026-05-09",0.37992,{"date":228,"score":213,"percentile":229},"2026-05-10",0.37942,{"date":231,"score":213,"percentile":232},"2026-05-11",0.37906,{"date":234,"score":213,"percentile":235},"2026-05-12",0.37883,{"date":237,"score":213,"percentile":238},"2026-05-13",0.37923,{"date":240,"score":213,"percentile":241},"2026-05-14",0.3796,{"date":243,"score":213,"percentile":244},"2026-05-15",0.3797,{"date":246,"score":213,"percentile":247},"2026-05-16",0.37993,{"date":249,"score":213,"percentile":250},"2026-05-17",0.37954,{"date":252,"score":213,"percentile":253},"2026-05-18",0.37915,{"date":255,"score":213,"percentile":256},"2026-05-19",0.37919,{"date":258,"score":213,"percentile":238},"2026-05-20",{"date":260,"score":213,"percentile":261},"2026-05-21",0.37918,{"date":263,"score":264,"percentile":265},"2026-05-22",0.0014,0.3366,{"date":267,"score":264,"percentile":268},"2026-05-23",0.33669,{"date":270,"score":264,"percentile":271},"2026-05-24",0.33645,{"date":273,"score":264,"percentile":274},"2026-05-25",0.33613,{"date":276,"score":264,"percentile":277},"2026-05-26",0.33606,{"date":279,"score":264,"percentile":280},"2026-05-27",0.33674,{"date":282,"score":264,"percentile":283},"2026-05-28",0.33769,{"date":285,"score":264,"percentile":286},"2026-05-29",0.33809,{"date":288,"score":74,"percentile":289},"2026-05-30",0.34735,{"date":291,"score":74,"percentile":292},"2026-05-31",0.34717,{"date":294,"score":74,"percentile":295},"2026-06-01",0.34701,{"date":297,"score":74,"percentile":298},"2026-06-02",0.34719,{"date":300,"score":74,"percentile":301},"2026-06-03",0.34711,{"date":113,"score":74,"percentile":114},[304,308],{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":305,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":306,"vectorString":79,"impactScore":76,"exploitabilityScore":307},"CRITICAL",10,{"source":84,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":309,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":306,"vectorString":79,"impactScore":76,"exploitabilityScore":307},[311,343],{"ecosystem":9,"name":312,"vendor":313,"product":313,"cpe_part":314,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":315},"Linux","linux","a",[316,323,326,329,332,335,338,341],{"version":317,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":321,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C f9fcb4441f6c02bb20c2eb340101e27dfe23607c",true,"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","including","f9fcb4441f6c02bb20c2eb340101e27dfe23607c","excluding",{"version":324,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":325,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C c9452c0797c95cf2378170df96cf4f4b3bca7eff","c9452c0797c95cf2378170df96cf4f4b3bca7eff",{"version":327,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":328,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C 8afb437ea1f70cacb4bbdf11771fb5c4d720b965","8afb437ea1f70cacb4bbdf11771fb5c4d720b965",{"version":330,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":331,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0","dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0",{"version":333,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":334,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C 0f0e2a54a31a7f9ad2915db99156114872317388","0f0e2a54a31a7f9ad2915db99156114872317388",{"version":336,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":337,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C ae8498337dfdfda71bdd0b807c9a23a126011d76","ae8498337dfdfda71bdd0b807c9a23a126011d76",{"version":339,"is_range":318,"range_type":78,"version_start":319,"version_start_type":320,"version_end":340,"version_end_type":322,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C 5133b61aaf437e5f25b1b396b14242a6bb0508e2","5133b61aaf437e5f25b1b396b14242a6bb0508e2",{"version":342,"is_range":72,"range_type":78,"version_start":342,"version_start_type":320,"version_end":342,"version_end_type":320,"fixed_in":9},"2.6.12",{"ecosystem":9,"name":344,"vendor":313,"product":345,"cpe_part":346,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":347},"linux kernel","linux_kernel","o",[348,353,357,361,365,369,373,374,376,378,380,382,384,386,388],{"version":349,"is_range":318,"range_type":350,"version_start":351,"version_start_type":320,"version_end":352,"version_end_type":322,"fixed_in":9},"gte2.6.12.1_lt5.10.253","cpe","2.6.12.1","5.10.253",{"version":354,"is_range":318,"range_type":350,"version_start":355,"version_start_type":320,"version_end":356,"version_end_type":322,"fixed_in":9},"gte5.11_lt6.1.167","5.11","6.1.167",{"version":358,"is_range":318,"range_type":350,"version_start":359,"version_start_type":320,"version_end":360,"version_end_type":322,"fixed_in":9},"gte6.2_lt6.6.130","6.2","6.6.130",{"version":362,"is_range":318,"range_type":350,"version_start":363,"version_start_type":320,"version_end":364,"version_end_type":322,"fixed_in":9},"gte6.7_lt6.12.78","6.7","6.12.78",{"version":366,"is_range":318,"range_type":350,"version_start":367,"version_start_type":320,"version_end":368,"version_end_type":322,"fixed_in":9},"gte6.13_lt6.18.20","6.13","6.18.20",{"version":370,"is_range":318,"range_type":350,"version_start":371,"version_start_type":320,"version_end":372,"version_end_type":322,"fixed_in":9},"gte6.19_lt6.19.10","6.19","6.19.10",{"version":342,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":375,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.12:rc2",{"version":377,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.12:rc3",{"version":379,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.12:rc4",{"version":381,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.12:rc5",{"version":383,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc1",{"version":385,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc2",{"version":387,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc3",{"version":389,"is_range":72,"range_type":350,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc4"]